2 matches found
CVE-2026-28412
CVE-2026-28412 affects Textream, a macOS teleprompter app. The DirectorServer WebSocket server allows unlimited concurrent connections, and when combined with a broadcast timer sending state to all clients every 100 ms, it can exhaust CPU and memory, freezing/crashing the application during live ...
CVE-2026-28403
CVE-2026-28403 (Textream) affects Textream, a macOS teleprompter app. Prior to version 1.5.1, the built-in DirectorServer WebSocket endpoint (ws://127.0.0.1:) does not validate the HTTP Origin header during the WebSocket handshake, allowing a malicious page loaded in the same browser session to s...